Orchard.SecureSocketsLayer module broken when port is specified with host name?

Topics: General, Troubleshooting
Mar 13, 2015 at 6:15 PM
We just pulled the latest from Orchard 1.x and ran into an issue with Orchard.SecureSocketsLayer caused by the fix for issue 20935.

This resolution seems to break in cases where the port number is included with the host name.

In our case, we're enabling SSL on everything and setting SecureHostName='localhost:44300' in our recipe. The UriBuilder constructor that takes the uri string, that this change added, chokes if the uri includes a port. Instead of the created UriBuilder having both the host and port set based on the provided URI, we instead see our specified host replaced with the port (44300) and the default port (443) being used.

For example
var secureHostName = "localhost:44300";
var path = "home-page"
var builder = new UriBuilder(secureHostName.Trim('/') + path) {
    Scheme = Uri.UriSchemeHttps, 
    Port = 443
I would expect to see (and how it previously worked):
UriBuilder {
    Host = "localhost",
    Port = "44300"
But we're actually seeing:
UriBuilder {
    Host = "44300",
    Port = "443"
We were unable to reproduce the originally reported issue, so we backed out this change and everything appears to be working again, as expected.
Mar 18, 2015 at 12:02 AM
I can confirm

In SecureSocketsLayerService.cs, in MakeInsecure() and in MakeSecure(), one solution is to replace this
    var builder = new UriBuilder(insecureHostName.Trim('/') + path) {
    var builder = new UriBuilder(secureHostName.Trim('/') + path) {
    var builder = new UriBuilder(insecureHostName.Split(':').First().Trim('/') + path) {
    var builder = new UriBuilder(secureHostName.Split(':').First().Trim('/') + path) {
Note: I could repro the original issue but with an unfound "http" url, not with an "https" url as mentioned in the workitem

I will update this workitem, but it's marked as resolved. So, it would be good that you file another issue, then I will upvote it and put my code snippet